14 lines
1.3 KiB
JSON
14 lines
1.3 KiB
JSON
{
|
|
"id": "openEuler-SA-2022-1675",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1675",
|
|
"title": "An update for curl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
|
|
"severity": "Moderate",
|
|
"description": "cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.\n\nSecurity Fix(es):\n\nlibcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.(CVE-2022-27782)\n\nA vulnerability was found in curl. This issue occurs due to an erroneous function. A malicious server could make curl within Network Security Services (NSS) get stuck in a never-ending busy loop when trying to retrieve that information. This flaw allows an Infinite Loop, affecting system availability.(CVE-2022-27781)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2022-27781",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27781",
|
|
"severity": "Moderate"
|
|
}
|
|
]
|
|
} |